1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.9
# Copyright (C) 2006-2012 Trustwave All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
# Apache Software License (ASL) version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
#
# This ruleset allows you to control how ModSecurity will handle traffic originating
# from Authorized Vulnerability Scanning (AVS) sources.
# See related blog post -
# http://blog.spiderlabs.com/2010/12/advanced-topic-of-the-week-handling-authorized-scanning-traffic.html
#
#
# White-list ASV network block (no blocking or logging of AVS traffic)
# Update IP network block as appropriate for your AVS traffic
#SecRule REMOTE_ADDR "@beginsWith 192.168.1." "phase:1,id:'981033',t:none,nolog,pass,allow"
#
# Recommended "Block but Don't Log" rule for scanning traffic
# Update IP address/network block as appropriate for your ASV traffic
#SecRule REMOTE_ADDR "@streq 192.168.1.101" "phase:1,id:'981034',t:none,nolog,pass,ctl:auditEngine=Off"
# Recommended phase 3 rule that will re-enable the audit engine if the request
# was not blocked by one of the normal rules.
# Update IP address/network block as appropriate for your ASV traffic
#SecRule REMOTE_ADDR "@streq 192.168.1.101" "phase:3,id:'981035',t:none,nolog,pass,ctl:auditEngine=On"
|
